diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2011-11-22 22:03:28 +0100 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-11-22 22:03:28 +0100 |
commit | 92cb17e05cecb4093ee9e189347ba66b8844528a (patch) | |
tree | 7129cf8b6398e67276a17856804d4a157c4b7fa1 /enter_bug.cgi | |
parent | Bug 680771 - Send X-XSS-Protection header for XSS prevention/blocking (diff) | |
download | bugzilla-92cb17e05cecb4093ee9e189347ba66b8844528a.tar.gz bugzilla-92cb17e05cecb4093ee9e189347ba66b8844528a.tar.bz2 bugzilla-92cb17e05cecb4093ee9e189347ba66b8844528a.zip |
Bug 703975: CSRF vulnerability in post_bug.cgi allows possible unauthorized bug creation
r=mkanat a=LpSolit
Diffstat (limited to 'enter_bug.cgi')
-rwxr-xr-x | enter_bug.cgi | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/enter_bug.cgi b/enter_bug.cgi index 4ef886741..2337de120 100755 --- a/enter_bug.cgi +++ b/enter_bug.cgi @@ -207,7 +207,7 @@ $vars->{'qa_contact_disabled'} = !$has_editbugs; $vars->{'cloned_bug_id'} = $cloned_bug_id; -$vars->{'token'} = issue_session_token('createbug:'); +$vars->{'token'} = issue_session_token('create_bug'); my @enter_bug_fields = grep { $_->enter_bug } Bugzilla->active_custom_fields; |